Robyn Lutz receives two NSF grants.

November 4, 2002

Robyn Lutz is used to doubling up on things. 

She is not only employed as an associate professor of computer science at Iowa State, but also as a senior engineer for the Jet Propulsion Laboratory in Pasadena, Calif. This facility, administered by Caltech for NASA, focuses on unmanned space exploration. 

So it should come as no surprise that Lutz is doubling up on grants from the National Science Foundation (NSF). 

But what may come as a surprise is the time frame for her grants. 

Lutz received notification from the NSF just a week apart last July that she had not only been awarded her first NSF grant, but a second one as well. The two grants started on the same date (Sept. 1, 2002) and expire just a month apart (August-September 2005). 

"Both (NSF grants) are related to software engineering and the safety analysis of software systems," Lutz said. 

Safety analysis and software is something that Lutz has been working on for the past 19 years at the Jet Propulsion Laboratory and now at Iowa State. Because technological advances and the consumer marketplace are producing increasing numbers of safety-critical applications, Lutz says it's important to realize that such advances can be both positive and negative.

"Software can contribute to a system's safety or can compromise it by putting the system into a dangerous state," she says. "Software engineering of a safety-critical system requires a clear understanding of the software's role in, and interactions with, the system."

Lutz says examples of safety-critical software include the software for implantable medical devices, for smart vehicles, and for industrial robots. For Lutz, however, her greatest interest lies in spacecraft that explore deep space and voyage to other planets. 

"Historically, many failures of safety-critical software have been due to an inadequate understanding of the software requirements by the developers," she said. "The specification of what the software had to do was incomplete or inconsistent in some way that prevented safe, correct software from being developed." 

Lutz's pair of NSF grants will look into these concerns. 

In her three-year, $279,000 grant on "Safety Analysis for Critical Product Lines," Lutz will address the question of how safety analysis can become a reusable asset of a product line by developing a framework and a suite of techniques for the safety analysis of critical product lines. 

Lutz cites an example of a product line in the airline industry. 

"Each airline wants a slightly different airplane display panel," she said. "We have to be aware that the software doesn't insert hazards into the system because of these differences." 

The second NSF grant (a three-year, $202,000 grant on "Natural Language in the Development of High-Confidence Software") looks at inadequate communication of domain knowledge in natural language (such as English textual descriptions) as a major source of requirements defects in high-confidence software. 

"Such defects can threaten lives, property and the dependability of critical infrastructures," she said. "This research develops innovative, multi-disciplinary techniques designed expressly to identify and cope with the properties of natural language that lead to these problems." 

Such a defect is thought to be the cause of the failed Mars Polar Lander mission. The software thought that the spacecraft had landed on Mars and turned off the spacecraft's engines. Instead, the Mars Polar Lander was still above the surface of Mars, crashed and was lost. 

"My interests in this area are within the space program, but these techniques are broadly applicable to other industries," Lutz said. 

Lutz's contributions in this area have netted her not only two NSF grants, but a recent award from the NASA Office of Safety and Mission Assurance. She received an award for "outstanding contributions to software assurance research."